Return-Path: 
 <apache-bugdb-owner-apache-bugdb-archive=hyperreal.org@apache.org>
Delivered-To: apache-bugdb-archive@hyperreal.org
Received: (qmail 8949 invoked by uid 6000); 11 Dec 1997 04:00:05 -0000
Received: (qmail 8810 invoked by uid 2001); 11 Dec 1997 04:00:01 -0000
Date: 11 Dec 1997 04:00:01 -0000
Message-ID: <19971211040001.8802.qmail@hyperreal.org>
To: apache-bugdb@apache.org
Cc: apache-bugdb@apache.org,
From: Marc Slemko <marcs@znep.com>
Subject: Re: mod_auth-any/1534: 'allow from' only allows access when given ip
 addresses, subnet arguments (a.b.c.d/x) refuse access
Reply-To: Marc Slemko <marcs@znep.com>
Sender: apache-bugdb-owner@apache.org
Precedence: bulk

The following reply was made to PR mod_access/1534; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Samuli K�rkk�inen <sak@iki.fi>
Cc: apbugs@hyperreal.org
Subject: Re: mod_auth-any/1534: 'allow from' only allows access when given ip addresses, subnet arguments (a.b.c.d/x) refuse access
Date: Wed, 10 Dec 1997 20:47:15 -0700 (MST)

 On 8 Dec 1997, Samuli K=E4rkk=E4inen wrote:
 
 > >Description:
 > My domain is using the so called "reverse kludge" for reverse DNS. I beli=
 eve
 > this is causing 'allow from' directive to accept only some forms of defin=
 ing
 > client address. Full configuration can be seen at
 > http://www.kelloseppakoulu.fi:8888/. That URL maps to the configuration
 > directory of that server. The configuration is very close to the
 > example configuration that comes with apache distribution. With that
 > configuration access is allowed from everywhere, as it should.
 >=20
 > The following discussion applies to our domain (which, as mentioned, uses
 > reverse kludge for reverse DNS). If I replace 'allow from all' with
 >   allow from 194.100.26.178
 > which is the address of my computer in that LAN, I am correctly given acc=
 ess.
 > If I replace it with
 >   allow from 194.100.26.128/26
 > or
 >   allow from kelloseppakoulu.fi
 > or
 >   allow from .fi
 > all of which should grant access to all hosts in our domain, no host in o=
 ur
 > domain is given access.
 
 In addition to what Dean said about the / notation not being implemented
 in 1.2, the reason why kelloseppakoulu.fi doesn't work is probably because
 your machines aren't configured to return full hostnames.
 
 If you try to access the web server from a machine that should be allowed
 access, what is recorded in the access log for the hostname?  If it is an
 IP, then you either don't have Apache setup to do name lookups or you
 don't have proper reverse.  If it is a hostname without domain, then you
 have an /etc/hosts file or NIS setup that is being used instead of DNS.